out_forward: always initialize salt with random numbers (fluent#2575)

fujimotos · xmcqueen · commit ad24e80aa81a · 2020-09-27T14:52:08.000-07:00
There is an initialization bug that leaves the shared key salt
being uninitialized when SSL is not enabled.

This might allow attackers to guess the shared key by looking at
the hash. Let's always initialize the salt buffer securely using
flb_randombytes().

Signed-off-by: Fujimoto Seiji &lt;fujimoto@ceptord.net&gt;
diff --git a/plugins/out_forward/forward.c b/plugins/out_forward/forward.c
@@ -65,9 +65,6 @@ static int secure_forward_init(struct flb_forward *ctx,
         secure_forward_tls_error(ctx, ret);
         return -1;
     }
-
-    /* Gernerate shared key salt */
-    mbedtls_ctr_drbg_random(&fc->tls_ctr_drbg, fc->shared_key_salt, 16);
     return 0;
 }
 #endif
@@ -520,6 +517,12 @@ static int forward_config_init(struct flb_forward_config *fc,
     }
 #endif
 
+    /* Generate the shared key salt */
+    if (flb_randombytes(fc->shared_key_salt, 16)) {
+        flb_plg_error(ctx->ins, "cannot generate shared key salt");
+        return -1;
+    }
+
     mk_list_add(&fc->_head, &ctx->configs);
     return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -65,9 +65,6 @@ static int secure_forward_init(struct flb_forward *ctx,`
`65`	`65`	`secure_forward_tls_error(ctx, ret);`
`66`	`66`	`return -1;`
`67`	`67`	`}`
`68`		`-`
`69`		`- /* Gernerate shared key salt */`
`70`		`- mbedtls_ctr_drbg_random(&fc->tls_ctr_drbg, fc->shared_key_salt, 16);`
`71`	`68`	`return 0;`
`72`	`69`	`}`
`73`	`70`	`#endif`
`@@ -520,6 +517,12 @@ static int forward_config_init(struct flb_forward_config *fc,`
`520`	`517`	`}`
`521`	`518`	`#endif`
`522`	`519`
	`520`	`+ /* Generate the shared key salt */`
	`521`	`+ if (flb_randombytes(fc->shared_key_salt, 16)) {`
	`522`	`+ flb_plg_error(ctx->ins, "cannot generate shared key salt");`
	`523`	`+ return -1;`
	`524`	`+ }`
	`525`	`+`
`523`	`526`	`mk_list_add(&fc->_head, &ctx->configs);`
`524`	`527`	`return 0;`
`525`	`528`	`}`